James R. Mirick sets the record straight on things he cares about

Homeland Security Can’t Manage their Email

Yet another indication of the general lack of capability of the Department of Homeland Secutiry surfaced this week, when the recipient of a relatively routine DHS counter-terrorism email newsletter attempted to have his delivery email address changed. His request, which he apparently thought was going to the mailing list administrator, in fact executed a “reply all” and shot off the request to all 7,500 subscribers. The humor of his simple request blasting the whole list resulted in an increasing number of recipients joining in with various sage and less than sage comments, and the initial wave of activity resulted in over 2.2 million emails being generatd during the day.

Now so far, this is just a lighthearted little bungle, it does happen inside businesses or agencies, with no particular harm done except to the administrators of the email system. Once when I was at US Bank, some hapless low-level employee in the Proof and Transit department managed to “reply all” to a monthly-fluff-from-the-president email thinking he was asking his supervisor if the vacation schedule was done yet. So everybody got this email too, and some of the recipient’s email “I’m not here” notifications were sent to “reply all” list, as were 2 or 300 emails back to him telling him what he had done, all these copied everybody and ricocheted around the bank until by 11 AM the whole system croaked with overload.

So, as it turns out, it’s possible to flag certain emails as “nonforwardable” and/or “nonreplyable” so this doesn’t happen. That was new stuff, about 5 or 6 years ago. And it was internal email in a bank.

But this is the organization in charge of protecting our critical infrastructure and us from terrorists! And, it’s 5 or 6 years later! The Times’ article points out,

The accident raised questions among cybersecurity experts about how well prepared the Homeland Security Department is to defend against a cyberattack because it had trouble dealing with this computer problem.

“It is a very simple fix,” said Marcus H. Sachs, a volunteer computer security expert at the SANS Internet Storm Center. “Do they not have anybody there that understands how to fix it?”

Actually, the worse problem is, don’t they have anybody who knows how to set it up in the first place? After all, this is not something that’s never happened before. Now they may argue, we’re so busy on the really big stuff, like setting standards for shampoo bottles when you fly, that we didn’t have time to do this right. To anyone who makes that argument with a straight face, I direct you to the parable of the talents in the Bible (Matthew 25:14 – 30). In the end, the master said, “Well done, good and faithful servant! You have been faithful with a few things; I will put you in charge of many things.”

I’d like to see DHS, and especially it’s cyber-terrorism unit, so some small things right, so we had a better feeling about their being able to do complex and critical things right, and right the first time.